In order to comply with National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 (SP 800-53), Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 FedRAMP's has mandated a CSP Rev4 to Rev 5 Baseline Transition Plan that Signed May 30, 2023 and due September 1, 2023 and October 1, 2023. Cloud.gov lacked the resources to comply with a 90 day mandate and agreed to deliver the documentation no later than (NLT) March 17, 2024 which includes:
Identify the delta between their current Rev.4 implementation and the Rev.5 requirements
Develop plans (including implementation and testing schedule(s)) to address the delta.
Document those plans in the SSP and POA&M(and post them to the CSP’s package repository)(current issue being addressed)
Update plans based on leveraged CSP information (e.g.shared controls).
seanmbazemore
commented
9 months ago
In order to comply with National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 (SP 800-53), Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 FedRAMP's has mandated a CSP Rev4 to Rev 5 Baseline Transition Plan that Signed May 30, 2023 and due September 1, 2023 and October 1, 2023. Cloud.gov lacked the resources to comply with a 90 day mandate and agreed to deliver the documentation no later than (NLT) March 17, 2024 which includes:
Identify the delta between their current Rev.4 implementation and the Rev.5 requirements
Update plans based on leveraged CSP information (e.g.shared controls).